Published December 03, 2010
What goes around comes around: Someone is hacking the hacktivist. And it may be none other than the hacktivist himself.
A self-described patriotic hacktivist known as “The Jester” — who has garnered a reputation for taking down jihadist websites and is believed by those familiar with his work to be responsible for taking WikiLeaks offline during its recent dump of State Department cables — is claiming to be the victim himself of an online impostor trying to cash in on his name.
But that's hardly all there is to the story.
The Jester — who describes himself online as a “Hacktivist for good. Obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, oppressive regimes and other general bad guys.” — says he’s “an ex-soldier with a rather famous unit, country purposely not specified.”
But cyber-security experts who have profiled him say they believe he is a U.S. citizen.
Over the past year, he’s developed a reputation within the tech community as a cybervigilante who targets Al Qaeda and jihadist websites, temporarily taking them offline using an attack tool called XerXes that he says he developed. He claims that one his better known targets is Iranian president Mahmoud Ahmadinejad.
"He's kind of famous," said Jason Glassberg, managing principal of Casaba Security, a computer and network security firm.
"He claims to have this super tool that can pop websites out at whim. He's a pretty rabid anti-Islamist and anti-jihadist, and now he's basically taken it upon himself to go after WikiLeaks."
"If this tool he’s got can do this, he’s building a pretty powerful weapon."
On Sunday, the Jester announced in a series of Twitter posts that he’d done just that: taken down WikiLeaks using the same attack tool with which he claims he has disrupted or temporarily taken down several jihadist websites over the past year.
On Sunday, the Jester sent out a series of Twitter posts in which he took credit for a denial-of-service attack on WikiLeaks:
“www.wikileaks.org - TANGO DOWN - INDEFINITLEY - for threatening the lives of our troops and 'other assets'”
“If I was a wikileaks 'source' right now I'd be getting a little twitchy, if they can't protect their own site, how can they protect a src?”
Around the same time, WikiLeaks announced, also via Twitter, “We are currently under a mass distributed denial of service attack.” Rumors swirled about who was behind it, and the logical suspect was the Jester.
"There is no way of knowing, it's certainly possible," Glassberg said. "He’s got the history, he appears to have the tool and he definitely appears to have the motivation, so it's entirely possible. I wouldn’t doubt it."
Jeff Bardin, cyberterror expert and chief security architect of XA Systems, said:
"The Jester normally goes after jihadist sites, but since WikiLeaks puts the lives of soldiers in 'additional' harm’s way, WikiLeaks was targeted. The tool used seems like a surgical strike Denial of Service (DoS) tool."
Then on Tuesday, someone claiming to be the Jester created a new Twitter account and website on which he announced that his other accounts had been compromised and that authorities — members of his local sheriff’s department, he wrote — had raided his home and seized his computers in response to his one-man vigilante efforts to block WikiLeaks from releasing classified State Department cables.
In a post on the new blog, this same person tried to solicit funds for what he said was his legal defense.
But that night, a Twitter post from the Jester's original account announced that reports of his home being raided were the work of an impostor and adamantly disputed the idea that he'd asked for donations.
For a brief time it appeared that the hacktivist and the hacker were hacking each other at the same time, as the possible impostor's Twitter feed began redirecting to the Jester's original blog.
And in a delightfully bizarre twist, there's speculation that the Jester's impostor — and his newly launched Twitter account and blog — may actually be the Jester himself.
“I’m very confident that he took down the WikiLeaks site when he said he did,” said Michael Menefee, founder and president of Infosec Island, an online community for IT and network professionals who manage security, risk, and compliance issues. He said he has also has been in direct communication with the original Jester.
“I completely believe he’s the guy who took down WikiLeaks — and I have reason to believe he is the impostor," he said.
“I have reason to believe, based on Twitter behavior and the certain timing of things that I have seen, that they are the same person.”
The next plot twist in this ongoing saga is anybody’s guess. The cyber community is waiting for the Jester’s next move.
"It's all cool and it’s all possible but nobody knows how exactly this is working," Glassberg said. “He’s this ephemeral being.”
One thing's for sure, Glassberg said, "The Jester has definitely made a name for himself."
And so, possibly, has his impostor.